PDA

Bekijk Volledige Versie : Re[3]: Bypassing ISA Server 2004 with IPv6



Christine Kronberg
20/04/06, 03:20
Dear 3APA3A,


> Microsoft ISA Server can't filter events from Microsoft Mouse, but

Apples and peas?

> Microsoft Mouse can be bound to computer. It's security risk, but I know
> how to secure mouse without ISA and I accept this risk.

Nice, that you do. If I manage by any means to see remotely
that you have attached a mouse to your ISA and to (ab)use it,
I'm much better that I thought - and you have much bigger problems
than you thought.
The nice thing about icmp is that I do not require much knowledge
to get information remotely. Same true with ipv6. Unless something
in between stops me. Which brings us back to the topic: a firewall
allowing too much.

> IPv6 can not be filtered by ISA, but it still can be filtered by
> different tools, or by it's own means, as IPv6 support network-level
> security. Unlike IPv4, IPv6 supports authentication, integrity checking
> and encryption natively. See ipsec6.exe and descriptions for Security
> Association Batabase and Security Policy Database.

So you state that it is perfectly well for a firewall to allow
any traffic through. Per default? And that this firewall does not
need to have the interface to configure what traffic is allowed?
I disagree.
If a firewall supports a protocol, that same firewall should also
provide the proper means and interface to configure it. And not blow
holes in networks.

Cheers,

Christine Kronberg.